[DSE-Dev] Bug#738946: selinux-policy-default: Bind's ndc_t denied block_suspend on epollwakeup

Devin Carraway devin at debian.org
Fri Feb 14 06:05:14 UTC 2014

Package: selinux-policy-default
Version: 2:2.20140206-1
Severity: normal

ndc_t being prevented from block_suspend on itself:

    Feb 13 00:46:38 a6 kernel: [  541.076682] type=1400 audit(1392281198.624:176): avc:  denied  { block_suspend } for  pid=4506 comm="rndc" capability=36  scontext=system_u:system_r:ndc_t:s0 tcontext=system_u:system_r:ndc_t:s0 tclass=capability2

This also came up in Redhat Bug#895070 but the fix was seemingly never pushed

Patch attached.

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-updates'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.12-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages selinux-policy-default depends on:
ii  libpam-modules   1.1.3-9
ii  libselinux1      2.2.2-1
ii  libsepol1        2.2-1
ii  policycoreutils  2.2.5-1
ii  python           2.7.5-5
ii  selinux-utils    2.2.2-1

Versions of packages selinux-policy-default recommends:
ii  checkpolicy  2.2-1
ii  setools      3.3.8-3

Versions of packages selinux-policy-default suggests:
pn  logcheck        <none>
pn  syslog-summary  <none>

-- Configuration Files:
/etc/selinux/default/modules/active/file_contexts.local [Errno 13] Permission denied: u'/etc/selinux/default/modules/active/file_contexts.local'

-- debconf-show failed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: refpolicy-ndc_t-block_suspend.patch
Type: text/x-diff
Size: 1014 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/selinux-devel/attachments/20140213/8f975b9b/attachment.patch>

More information about the SELinux-devel mailing list